Overview
overview
10Static
static
3Kiddions_m...nu.exe
windows7-x64
10Kiddions_m...nu.exe
windows10-2004-x64
10Kiddions_m...d.html
windows7-x64
1Kiddions_m...d.html
windows10-2004-x64
1Kiddions_m...typing
ubuntu-18.04-amd64
1Kiddions_m...typing
debian-9-armhf
1Kiddions_m...typing
debian-9-mips
1Kiddions_m...typing
debian-9-mipsel
1Kiddions_m...ry.pdf
windows7-x64
1Kiddions_m...ry.pdf
windows10-2004-x64
1Kiddions_m...ck.exe
windows7-x64
7Kiddions_m...ck.exe
windows10-2004-x64
7Kiddions_m...ng.pdf
windows7-x64
1Kiddions_m...ng.pdf
windows10-2004-x64
1Kiddions_m...er.pdf
windows7-x64
1Kiddions_m...er.pdf
windows10-2004-x64
1Kiddions_m...er.pdf
windows7-x64
1Kiddions_m...er.pdf
windows10-2004-x64
1Kiddions_m...ic.pdf
windows7-x64
1Kiddions_m...ic.pdf
windows10-2004-x64
1Kiddions_m...ne.pdf
windows7-x64
1Kiddions_m...ne.pdf
windows10-2004-x64
1Kiddions_m...rt.pdf
windows7-x64
1Kiddions_m...rt.pdf
windows10-2004-x64
1Kiddions_m...ed.pdf
windows7-x64
1Kiddions_m...ed.pdf
windows10-2004-x64
1Kiddions_m...an.pdf
windows7-x64
1Kiddions_m...an.pdf
windows10-2004-x64
1Kiddions_m...on.pdf
windows7-x64
1Kiddions_m...on.pdf
windows10-2004-x64
1Kiddions_m...ne.pdf
windows7-x64
1Kiddions_m...ne.pdf
windows10-2004-x64
1Analysis
-
max time kernel
88s -
max time network
167s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
02-12-2022 06:51
Behavioral task
behavioral1
Sample
Kiddions_menu/Kiddions_menu.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Kiddions_menu/Kiddions_menu.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
Kiddions_menu/Readme.md/lib/pdf/reader/afm/MustRead.html
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
Kiddions_menu/Readme.md/lib/pdf/reader/afm/MustRead.html
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
Kiddions_menu/Readme.md/scripts/require-strict-typing
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral6
Sample
Kiddions_menu/Readme.md/scripts/require-strict-typing
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral7
Sample
Kiddions_menu/Readme.md/scripts/require-strict-typing
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral8
Sample
Kiddions_menu/Readme.md/scripts/require-strict-typing
Resource
debian9-mipsel-20221111-en
Behavioral task
behavioral9
Sample
Kiddions_menu/Readme.md/spec/data/20070313 - 2nd Laptop Battery.pdf
Resource
win7-20221111-en
Behavioral task
behavioral10
Sample
Kiddions_menu/Readme.md/spec/data/20070313 - 2nd Laptop Battery.pdf
Resource
win10v2004-20221111-en
Behavioral task
behavioral11
Sample
Kiddions_menu/Readme.md/spec/data/Genshin Impact hack.exe
Resource
win7-20221111-en
Behavioral task
behavioral12
Sample
Kiddions_menu/Readme.md/spec/data/Genshin Impact hack.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral13
Sample
Kiddions_menu/Readme.md/spec/data/TJ_and_char_spacing.pdf
Resource
win7-20221111-en
Behavioral task
behavioral14
Sample
Kiddions_menu/Readme.md/spec/data/TJ_and_char_spacing.pdf
Resource
win10v2004-20221111-en
Behavioral task
behavioral15
Sample
Kiddions_menu/Readme.md/spec/data/TJ_starts_with_a_number.pdf
Resource
win7-20221111-en
Behavioral task
behavioral16
Sample
Kiddions_menu/Readme.md/spec/data/TJ_starts_with_a_number.pdf
Resource
win10v2004-20221111-en
Behavioral task
behavioral17
Sample
Kiddions_menu/Readme.md/spec/data/ascii85_filter.pdf
Resource
win7-20220812-en
Behavioral task
behavioral18
Sample
Kiddions_menu/Readme.md/spec/data/ascii85_filter.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral19
Sample
Kiddions_menu/Readme.md/spec/data/cairo-basic.pdf
Resource
win7-20220812-en
Behavioral task
behavioral20
Sample
Kiddions_menu/Readme.md/spec/data/cairo-basic.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral21
Sample
Kiddions_menu/Readme.md/spec/data/cairo-multiline.pdf
Resource
win7-20220901-en
Behavioral task
behavioral22
Sample
Kiddions_menu/Readme.md/spec/data/cairo-multiline.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral23
Sample
Kiddions_menu/Readme.md/spec/data/cairo-unicode-short.pdf
Resource
win7-20220812-en
Behavioral task
behavioral24
Sample
Kiddions_menu/Readme.md/spec/data/cairo-unicode-short.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral25
Sample
Kiddions_menu/Readme.md/spec/data/clearscan-with-image-removed.pdf
Resource
win7-20220812-en
Behavioral task
behavioral26
Sample
Kiddions_menu/Readme.md/spec/data/clearscan-with-image-removed.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral27
Sample
Kiddions_menu/Readme.md/spec/data/clearscan.pdf
Resource
win7-20220812-en
Behavioral task
behavioral28
Sample
Kiddions_menu/Readme.md/spec/data/clearscan.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral29
Sample
Kiddions_menu/Readme.md/spec/data/column_integration.pdf
Resource
win7-20221111-en
Behavioral task
behavioral30
Sample
Kiddions_menu/Readme.md/spec/data/column_integration.pdf
Resource
win10v2004-20220812-en
Behavioral task
behavioral31
Sample
Kiddions_menu/Readme.md/spec/data/content_stream_begins_with_newline.pdf
Resource
win7-20220812-en
Behavioral task
behavioral32
Sample
Kiddions_menu/Readme.md/spec/data/content_stream_begins_with_newline.pdf
Resource
win10v2004-20220812-en
General
-
Target
Kiddions_menu/Readme.md/spec/data/clearscan-with-image-removed.pdf
-
Size
21KB
-
MD5
e23e6771ff494e4c16a4c58a72c36aea
-
SHA1
0c86038cd9cbcbeddcf4a7023aed320d86f0241f
-
SHA256
9d8e3994e70d41ebc1bb0ecdb0fdaf133c0d6701f743e933f9666b9f40faa4e7
-
SHA512
5619a833a7e86fa50b995bdb062c3517dc6cc9335a5c5ad968b1fe5bb991bd987f72f007438a1088c3316ec5d033aeb0a7755f4d7e98f0db452a9b937adba986
-
SSDEEP
384:9Bbq41koLiBkayWMhpVQQdV8xgkTBZshB8qlzljlYIl2WcQzyL3g:9Y417iuZhjQQyguZsMqlzljlYIl2WDys
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
AcroRd32.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Processes:
AcroRd32.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious behavior: EnumeratesProcesses 22 IoCs
Processes:
AcroRd32.exepid process 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
AcroRd32.exepid process 3988 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
AcroRd32.exepid process 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe 3988 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
AcroRd32.exeRdrCEF.exedescription pid process target process PID 3988 wrote to memory of 1460 3988 AcroRd32.exe RdrCEF.exe PID 3988 wrote to memory of 1460 3988 AcroRd32.exe RdrCEF.exe PID 3988 wrote to memory of 1460 3988 AcroRd32.exe RdrCEF.exe PID 3988 wrote to memory of 1548 3988 AcroRd32.exe RdrCEF.exe PID 3988 wrote to memory of 1548 3988 AcroRd32.exe RdrCEF.exe PID 3988 wrote to memory of 1548 3988 AcroRd32.exe RdrCEF.exe PID 3988 wrote to memory of 760 3988 AcroRd32.exe RdrCEF.exe PID 3988 wrote to memory of 760 3988 AcroRd32.exe RdrCEF.exe PID 3988 wrote to memory of 760 3988 AcroRd32.exe RdrCEF.exe PID 3988 wrote to memory of 4600 3988 AcroRd32.exe RdrCEF.exe PID 3988 wrote to memory of 4600 3988 AcroRd32.exe RdrCEF.exe PID 3988 wrote to memory of 4600 3988 AcroRd32.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 2368 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 3912 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 3912 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 3912 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 3912 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 3912 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 3912 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 3912 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 3912 4600 RdrCEF.exe RdrCEF.exe PID 4600 wrote to memory of 3912 4600 RdrCEF.exe RdrCEF.exe
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Kiddions_menu\Readme.md\spec\data\clearscan-with-image-removed.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2ADD92ED2CB34CFCB4DE2E9C7C771AA4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2ADD92ED2CB34CFCB4DE2E9C7C771AA4 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F834371960EC5A875500F185079047AC --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7287CEA1A96193921726513B65492228 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7287CEA1A96193921726513B65492228 --renderer-client-id=4 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=87CAC14BACF9D6318BD05A811723FCDA --mojo-platform-channel-handle=2580 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8ED0C7919EFAEE52381ABC88D6C24323 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3503F55E77D19BFDC192415A21CFFE5C --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/760-134-0x0000000000000000-mapping.dmp
-
memory/960-153-0x0000000000000000-mapping.dmp
-
memory/1460-132-0x0000000000000000-mapping.dmp
-
memory/1548-133-0x0000000000000000-mapping.dmp
-
memory/1880-156-0x0000000000000000-mapping.dmp
-
memory/2368-137-0x0000000000000000-mapping.dmp
-
memory/3496-145-0x0000000000000000-mapping.dmp
-
memory/3912-140-0x0000000000000000-mapping.dmp
-
memory/4552-150-0x0000000000000000-mapping.dmp
-
memory/4600-135-0x0000000000000000-mapping.dmp